purecrypter | edc3a7a85b4c116fe3b5806dd71c08fa907ea41cd57c43abf0494135eac0595f | Triage

Submit
Reports

Overview

overview

Static

static

file.exe

windows10-2004-x64

Resubmissions

30-01-2023 13:33

230130-qtypzscc5w 10

30-01-2023 13:18

230130-qjzvascb81 10

Sharing

General

Target

file.exe
Size

6KB
Sample

230130-qtypzscc5w
MD5

05205710322716e7b4c548e623ede6ae
SHA1

3e2f75b285be2c148496d0381abd19f736e9f1f6
SHA256

edc3a7a85b4c116fe3b5806dd71c08fa907ea41cd57c43abf0494135eac0595f
SHA512

4e7e117b7d4b57464a4fedcab5ad4f26f2746c2e6534b30f1f1204627c37b8d92dc06c3f6cd6d8898a599cec786e50ad95f02008f46c197bee619b70bda1b8c2
SSDEEP

96:d4Z26fQ8osOtQXdcmRONSb8y5UQVeGk1xNezNt:IbtoBaXdTCnSer94

Score

10^/10

purecrypter downloader loader spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

file.exe

Resource

win10v2004-20221111-en

purecrypter downloader loader spyware stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

purecrypter

C2

http://justnormalsite.ddns.net/SystemEnv/uploads/newsoftware-tester_Pcnzayly.png

Extracted

Credentials

Protocol: smtp
Host:
mail.sfivegroupe.com
Port:
587
Username:
malika.baraitame@sfivegroupe.com
Password:
S8YVh~75ZPC

Targets

- Target
  
  file.exe
- Size
  
  6KB
- MD5
  
  05205710322716e7b4c548e623ede6ae
- SHA1
  
  3e2f75b285be2c148496d0381abd19f736e9f1f6
- SHA256
  
  edc3a7a85b4c116fe3b5806dd71c08fa907ea41cd57c43abf0494135eac0595f
- SHA512
  
  4e7e117b7d4b57464a4fedcab5ad4f26f2746c2e6534b30f1f1204627c37b8d92dc06c3f6cd6d8898a599cec786e50ad95f02008f46c197bee619b70bda1b8c2
- SSDEEP
  
  96:d4Z26fQ8osOtQXdcmRONSb8y5UQVeGk1xNezNt:IbtoBaXdTCnSer94
Score

10^/10

purecrypter downloader loader spyware stealer
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

purecrypterdownloaderloaderspywarestealer

© 2018-2024

Terms | Privacy